Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

insecure password option #575

Closed
hadmut opened this issue Sep 19, 2019 · 1 comment · Fixed by #781
Closed

insecure password option #575

hadmut opened this issue Sep 19, 2019 · 1 comment · Fixed by #781
Labels
t:feature-request

Comments

@hadmut
Copy link

hadmut commented Sep 19, 2019

Hi,
the command line tools like amqp-publish and amqp-consume are insecure, since the username/password can be given as a command line parameter either with --password= or as part of the URL given with --url.

Passwords given as command line parameters are insecure, since they can be seen in the process list.

It should have alternative options to have the password read from a given file or pipe.
@ckastner
Copy link

ckastner commented Jun 6, 2023

Hi,

I can confirm this issue, it is easily reproduced:

$ pgrep -a ampq-consume
62287 amqp-consume --url amqp://user:pass@192.168.0.1 --queue=myqueue

So using --password or --url exposes the login details to anyone on the host who can see the process list.

@ckastner ckastner mentioned this issue Jun 11, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
t:feature-request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add option to read username/password from file
3 participants
@alanxz @hadmut @ckastner